The breach of the presidential candidates’ passport files were widely reported over the past few days, such as here and here, not to mention the many postings referencing it as “passport-gate” throughout the blogosphere and the political implications. However, based upon what I’ve been reading it looks more like the result of a poor, inadequate and vulnerable information security program.
There are many information security and privacy issues involved with this incident. It would make a great case study to use at a joint meeting with your information security, privacy and compliance folks. Some of the questions to include in your discussion could include…

Over the past few weeks I’ve talked to several privacy officers and information security officers about how things are going with their initiatives, funding, and so on. Many from the financial industry, but otherwise a wide range of businesses from small to large. There has been a common theme during these discussions…

I have written many times about how the U.S Department of Health and Human Services (HHS) has severely weakened the planned privacy and security goals of the Health Insurance Portability and Accountability Act (HIPAA) to require healthcare covered entities (CEs) to implement strong safeguards for the protected health information (PHI) with which they’ve been entrusted. And I still believe that.
However, after reading a another report today I realized something…